CVE-2005-4549

Currently unrated

Key Information:

Vendor: Oracle
Status: Application Server Discussion Forum Portlet
Vendor: CVE Published:; 28 December 2005

Summary

Cross-site scripting (XSS) vulnerability in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to inject arbitrary web script or HTML via the (1) RowKeyValue parameter in the PORTAL schema; and the (2) title and (3) content input fields when creating an forum article.

References

http://securityreason.com/securityalert/298

third-party-advisoryx_refsource_SREASON

http://marc.info/?l=full-disclosure&m=113532626203708&w=2

mailing-listx_refsource_FULLDISC

http://securitytracker.com/id?1015405

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Dec 28, 2005
Vulnerability Reserved
Dec 28, 2005